Login (DCU Staff Only)
Login (DCU Staff Only)

DORAS | DCU Research Repository

Explore open access research and scholarly works from DCU

Advanced Search

Support for enhanced GDPR accountability with the common semantic model for ROPA (CSM‑ROPA)

Ryan, Paul orcid logoORCID: 0000-0003-0770-2737 and Brennan, Rob orcid logoORCID: 0000-0001-8236-362X (2022) Support for enhanced GDPR accountability with the common semantic model for ROPA (CSM‑ROPA). SN Computer Science, 3 . ISSN 2661-8907

Abstract
The creation and maintenance of Registers of Processing Activities (ROPA) are essential to meeting the General Data Protection Regulation (GDPR) and thus to demonstrate compliance based on the GDPR concept of accountability. To establish its effectiveness in meeting this obligation, we evaluate an ROPA semantic model, the Common Semantic Model–ROPA (CSM–ROPA). Semantic models and tools represent one solution to the compliance challenges faced by organisations: the heterogeneity of relevant data sources, and the lack of tool interoperability and agreed common standards. By surveying current practice and the literature we identify the requirements for GDPR accountability tools: digital exchange of data, automated accountability verification and privacy-aware data governance. A case study was conducted to analyse the expressivity and effectiveness of CSM–ROPA when used as an interoperable, machine-readable mediation layer to express the concepts in a comprehensive regulator-provided accountability framework used for GDPR compliance. We demonstrate that CSM–ROPA can express 98% of ROPA accountability terms and fully express nine of the ten European regulators' ROPA templates. We identify three terms for addition to CSM–ROPA, and we identify areas where CSM–ROPA relies on partial matches that indicate model limitations. These improvements to CSM–ROPA will provide comprehensive coverage of the regulator-supplied model. We show that tools based on CSM–ROPA can fully meet the requirements of compliance best practice when compared with either manual accountability approaches or a leading privacy software solution.
Metadata
Item Type:Article (Published)
Refereed:Yes
Additional Information:Article number: 224
Uncontrolled Keywords:Register of Processing Activities; Data Protection Ofcer; RegTech; Semantic Web; Accountability
Subjects:UNSPECIFIED
DCU Faculties and Centres:DCU Faculties and Schools > Faculty of Engineering and Computing > School of Computing
Research Initiatives and Centres > ADAPT
Publisher:MDPI
Official URL:https://doi.org/10.1007/s42979-022-01099-9
Copyright Information:© 2022 The Authors.
Funders:Open Access funding provided by the IReL Consortium, Uniphar PLC., SFI Research Centres Programme (Grant 13/RC/2106_P2), European Regional Development Fund
ID Code:27759
Deposited On:21 Sep 2022 16:04 by Thomas Murtagh . Last Modified 24 Mar 2023 14:36
Documents

Full text available as:

[thumbnail of s42979-022-01099-9.pdf]
Preview
PDF - Requires a PDF viewer such as GSview, Xpdf or Adobe Acrobat Reader
Creative Commons: Attribution 4.0
1MB
Downloads

Downloads

Downloads per month over past year

Archive Staff Only: edit this record